on computer science and media topics

Metadata in the world of smartphones

Metadata is data about data. Thus, it provides information about data. Examples for metadata are file size, time and date of creation, means of creation of data etc. Every day, we deal with it, but no one really cares about it. Sometimes, metadata gives us more information than the data itself.

But which devices generate metadata? How often do we use it? One of the largest producers of metadata are our smartphones. For this article we will check which metadata cameras or smartphones save in each picture we take. Normally, a picture is shot and then there is the look for the next one or it will be shared on a social media platform. Most people want to share the nice side of life with their friends.

But a look at the settings for metadata is worthwhile. Most smartphones write the date and time of recording in the name of the image. Furthermore, metadata knows about the application which is used to take the picture, also date and time, file size and much more. When we take a closer look, we also find information about the camera, camera type, producer and the model. When the photo is uploaded to a website, the operator will know which phone was used and thus how much it cost. But that is a secret that can be public because everyone can see it for example in university or subway.

The chanciest metainformation is the location. Most smartphones safe the GPS location as a standard setting. It is nice to view pictures after holidays and to know exactly where they were taken. But most of the time normal people aren’t on holidays. And ask yourself, when was the last time you really used this feature? Never? Smartphones are used in the daily business and people use them to share pictures with their friends via WhatsApp, Instagram or other social media platforms. With each image loaded into a social network, a puzzle part for a movement profile is added. With GPS coordinates and Google Maps or a similar service it is easy to figure out your address. A social networking profile usually requires a name, thus this name is known to the service and the address is also known from the GPS information in the images.

Now the interesting parts start. In times of internet of things, social media and etc. everything can be found online and what’s once on the internet never disappears from there. Here’s a small thought game, which is also possible in reality and without great technical talent.

Our victim is called Peter Private. His name everyone can be found in one of the social networks. We get his address from the GPS information of this picture with the nice dog below.

Figure 1: A nice picture of a dog in garden

A glance at the metadata of the harmless image is all it takes. The GPS information is quickly converted into a real address, thanks to Google Maps. Now it continues with a simple Google search. With a full name and an address you can find a lot of information about Peter Private.

Thus one finds information about the hobbies, the occupation and the income. But are you really that transparent on the net? Yes, but back to our victim Peter.

The result of the Google search is that Peter plays football in a local team, and on the website of the club there is also a team photo with Peters face. Now we have a face for our victim and his first hobby. On the website of the club we find the training times. Thus Mr. Private is not at home during these times. Wonderful if you want to break into his house. The search continues. On LinkedIn or similar networks Peter publishes information about his education, his profession, his current position and his current employer. As a consequence, his income, i.e. his financial possibilities, can be estimated. Furthermore, we can identify more of Peter’s hobbies, sell these information to web shops, thus he gets personalized advertising online and offline.

What information have we found about Mr. Private so far? Much more than he’d like. We were able to find his name, his address, his hobbies, his employer and also his financial possibilities. If the data can now be linked with further, such as the user behavior on his smartphone, his shopping habits etc., Peter Private becomes more and more Peter Public. His date of birth is quickly found out and if the information collected so far can still be compared with networks such as Facebook and expanded, it is no longer difficult to influence Peter’s future actions. With the power of social media a complete profile of Peter can be created, this can be linked to the profiles of his friends and as a result more and more data is collected and linked. That should make us all think, because that is exactly what we do not want.

A big problem is escaping this data swirl. Even if you don’t use any social media yourself, your mobile phone number quickly ends up there. One way to get there is WhatsApp. Anyone who has your mobile number stored will inevitably send it to WhatsApp. Of course, just to check if I can be reached via the WhatsApp network or not. It is important to sensitize oneself and one’s surroundings to these topics, one will probably not be able to escape completely today. But sometimes you should rather pay one or two Euros more and buy an application than use the avoidable free version. Because if you don’t pay with money, you pay with your own data. To get back to the beginning: Not only sometimes the metadata gives us more information than the data itself, but almost always. And this during times when as much data as possible is collected and evaluated.

So my tip for you is: Check the settings of your mobile phone camera and see which permissions your apps really need. Because if we don’t try to give out less data ourselves, we shouldn’t be surprised about scandals like the Cambridge analytica scandal with Facebook.

Research Issues:

How can Messenger be protected against display spying?

What needs to happen to make privacy more important than the habit and convenience of users?

How can data protection and public interests such as terror protection and law enforcement be brought together to provide the highest possible level of security and privacy? Where’s the red line?